Does the EU AI Act apply to my Swiss company if I only have Swiss customers?

If your AI systems are deployed exclusively to customers in Switzerland and produce no effects in EU member states, the EU AI Act does not apply directly. However, if any system is placed on the market or put into service within the EU – even through a distribution partner or as part of a service accessed online by EU users – the Act applies to that system regardless of where your company is registered. Engaging a lawyer in Switzerland with cross-border EU experience is the most reliable way to assess your specific exposure.

How long does it take to structure AI compliance for a Swiss technology business?

A baseline compliance review covering data protection, technology licensing, and EU AI Act mapping typically takes between four and eight weeks, depending on the complexity of the AI systems involved and the volume of existing contracts to be reviewed. For businesses deploying high-risk systems under the EU AI Act, technical documentation preparation and any required notified body engagement extend the timeline substantially. Early engagement with a law firm in Switzerland before product launch is consistently more efficient than remediation after deployment.

Is AI-generated content protected by copyright in Switzerland?

Under current Swiss intellectual property legislation, copyright protection requires a human creative act. AI-generated output does not attract copyright automatically. Businesses that commercialise AI-generated content must rely on contractual ownership arrangements rather than automatic IP protection. A common misconception is that the company owning the AI system automatically holds copyright in its outputs – Swiss law does not support that assumption, and contracts must address ownership explicitly to create an enforceable position.

AI & Technology Law in Switzerland

A technology company preparing to deploy an AI-driven product in Switzerland faces a regulatory environment that is evolving faster than many compliance teams anticipate. Swiss law imposes obligations under data protection legislation, corporate rules, and sector-specific technology rules. At the same time, Switzerland's position outside the EU means its AI governance path diverges in important respects from Brussels-led mandates – yet the two systems interact directly wherever Swiss businesses touch European markets.

AI and technology law in Switzerland spans data protection compliance, software liability, technology licensing, and the governance of algorithmic systems. International businesses must address obligations under Switzerland's revised data protection legislation, relevant provisions of the Schweizerisches Obligationenrecht (Swiss Code of Obligations), and. where EU market access is sought. the requirements of the EU AI Act. Compliance timelines vary by system risk category and business structure, but early-stage legal structuring is consistently the most cost-effective path.

This page sets out the key legal instruments, common pitfalls, cross-border considerations, and a self-assessment checklist for international clients operating in or through Switzerland in the AI and technology sector.

The regulatory setting for AI and technology in Switzerland

Switzerland is not a passive bystander in global AI governance. The Swiss Federal Council has adopted a cautious, principles-based approach to regulating artificial intelligence. Rather than introducing a single AI-specific statute, Switzerland applies a horizontal overlay of existing legislation to AI systems. That overlay includes revised data protection rules, civil liability provisions under general private law, financial market rules where AI is used in banking or insurance, and telecommunications legislation affecting digital services.

The absence of a domestic AI statute comparable to the EU AI Act does not mean a compliance-free environment. Practitioners in Switzerland note that regulators increasingly interpret existing law in ways that create binding obligations for AI developers and deployers. The Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (Federal Data Protection and Information Commissioner) has issued guidance that extends data protection obligations to automated decision-making. The commissioner's position is that algorithmic accountability is already required under current law where decisions produce legal or similarly significant effects on individuals.

Corporate structure matters from the outset. An AI business entering Switzerland must decide whether to operate as an Aktiengesellschaft (AG, the Swiss public limited company) or a Gesellschaft mit beschränkter Haftung (GmbH CH, the Swiss limited liability company). Both forms require registration with the Handelsregister Schweiz (Swiss Commercial Register). The choice affects shareholder liability, minimum capital requirements, and the extent to which software assets and technology licensing arrangements can be structured efficiently for cross-border use.

For businesses also operating in the EU, the EU AI Act introduces obligations that Swiss entities cannot ignore. An AI system developed or trained in Switzerland but deployed to European users is subject to EU rules once it touches the EU market. This dual exposure is one of the defining features of Swiss AI practice: clients must simultaneously manage Swiss compliance and EU compliance. Additionally. The two regimes use different conceptual approaches to risk categorisation and conformity assessment.

Key legal instruments for AI and technology operations in Switzerland

Swiss AI and technology law draws on several distinct branches of legislation. Understanding which instruments apply to a specific situation – and in what sequence – determines the practical legal programme for any technology business.

Data protection legislation. Switzerland's revised federal data protection rules came into full effect in September 2023. They apply to any processing of personal data with effects in Switzerland, regardless of where the processor is established. For AI systems, the critical obligations include lawfulness of automated data processing, transparency in profiling, the right of data subjects to obtain human review of automated decisions, and data minimisation requirements. Non-compliance exposes the responsible person – typically a senior manager, not the legal entity – to criminal sanctions. This personal exposure is a structural feature of Swiss data protection law that distinguishes it from EU data protection legislation, where fines fall on the organisation.

Software liability under the Swiss Code of Obligations. Switzerland has not enacted product-specific AI liability legislation. Liability for defective AI systems is assessed under general contract law and tort law provisions of the Swiss Code of Obligations. Where an AI system causes loss, the claimant must typically establish fault or contractual breach. This places significant weight on the terms of technology licensing agreements, service level commitments, and indemnification clauses. Practitioners in Switzerland advise clients to treat contractual risk allocation as the primary liability management tool until a dedicated liability regime is enacted at federal level.

Technology licensing. Swiss contract law imposes relatively few mandatory rules on technology licensing, giving parties broad freedom to structure intellectual property and software licensing arrangements. Licence agreements governed by Swiss law can cover source code, training data, model outputs, and embedded AI components. However, the courts – including the Bundesgericht (Federal Supreme Court of Switzerland) – have consistently held that terms which are ambiguous or unreasonably one-sided may be interpreted contra proferentem or set aside under general principles of good faith. Technology licensing agreements drafted without reference to Swiss interpretive standards create real litigation risk. For IP protection strategies closely linked to licensing, our team's analysis of intellectual property law in Switzerland provides additional detail on registration, enforcement, and cross-border IP structuring.

AI Act compliance for Swiss businesses with EU exposure. The EU AI Act applies on the basis of where an AI system is placed on the market or put into service. not where the developer is located. A Swiss AI company supplying a high-risk system to an EU customer is subject to conformity assessment, technical documentation, and registration requirements before deployment. The Act's prohibited practices apply from an early phase of implementation; obligations for high-risk systems follow a longer rollout timeline. Swiss businesses must map their product portfolio against the Act's risk categories and identify which regulatory pathway applies in time to adjust development cycles.

Sector-specific digital services rules. Financial services, healthcare, and critical infrastructure each carry additional obligations for AI systems operating in those sectors. The Swiss Financial Market Supervisory Authority has published expectations regarding the use of AI in regulated activities. Healthcare AI is subject to medical device legislation where the system qualifies as a device under the applicable rules. These sector-specific overlays add complexity that generic AI compliance programmes frequently miss.

To receive an expert assessment of your AI or technology compliance position in Switzerland, contact us at info@ferrazwhitmore.com.

Common pitfalls and practical insights

International clients entering Switzerland's technology market consistently encounter the same set of avoidable errors. Each carries material legal and commercial consequences.

Assuming Swiss law mirrors EU law. Switzerland is not an EU member state. It has not automatically adopted the EU AI Act, the EU's revised product liability regime, or the Data Act. A compliance programme built entirely around EU requirements will leave gaps in Switzerland. The converse is also true: Swiss data protection rules diverge from EU data protection legislation in areas that affect AI systems directly, including the personal criminal liability point noted above.

Underestimating algorithmic accountability obligations. Many AI developers treat algorithmic accountability as a future requirement. Under current Swiss data protection rules, it is a present obligation wherever automated processing affects individuals materially. Clients who deploy AI systems without a transparency and human-review mechanism already in place are operating in breach of current law, not merely anticipating future risk.

Inadequate technology licensing terms. Swiss courts apply good faith principles actively. A licence agreement that allocates all risk to the licensee, or that gives the licensor unlimited rights to modify or withdraw access without notice, may be partially or wholly unenforceable under Swiss law. International clients who import standard-form technology licensing templates from other jurisdictions without Swiss legal review regularly discover this during disputes. at which point the remediation cost is far higher than the original drafting would have been.

Failure to register or notify where required. Swiss corporate and regulatory rules require disclosure of beneficial ownership, registration of certain activities, and – in regulated sectors – prior approval before commencing operations. AI businesses that begin operating in Switzerland before completing relevant Handelsregister Schweiz registration and sector-specific notifications face enforcement risk and, in financial services, criminal liability.

Missing the EU AI Act timeline. Swiss companies with EU customers are subject to the Act's rollout on the same timeline as EU-based developers. The gap between understanding that the Act applies and completing the necessary conformity documentation, technical file preparation, and – where required – notified body engagement is substantial. Businesses that wait until the applicable deadline approaches frequently cannot complete the process in time.

Treating data processing agreements as boilerplate. AI systems typically process personal data at scale. Data processing agreements with Swiss counterparties must reflect Swiss data protection rules specifically. Using an EU-standard processor agreement without adapting it to Swiss law creates a document that may not satisfy Swiss regulatory expectations and will not protect the responsible person from the personal criminal liability exposure noted above.

Cross-border and strategic considerations: Switzerland, Portugal, and the EU

Switzerland's bilateral relationship with the EU generates a distinctive cross-border dynamic for technology businesses. Switzerland participates in certain EU programmes and treaty regimes, but it is not part of the EU single market. This means that a Swiss-based technology company distributing AI products or digital services into the EU does not benefit from the EU's internal market passporting rules. Each EU member state deployment must be assessed against applicable EU and national rules.

Portugal has become an increasingly significant node in European technology operations. Its combination of EU membership, competitive operating costs, a growing technology cluster, and a civil law system compatible with Swiss contract structures makes it attractive for businesses building European infrastructure from a Swiss base. For clients with operations in both jurisdictions, structuring IP ownership, licensing flows, and data processing arrangements to work across Swiss and Portuguese legal frameworks requires careful planning. Our dedicated service for AI and technology law in Portugal addresses the Portuguese dimension in detail, including the application of EU AI Act obligations under Portuguese law.

The interaction between Switzerland's data protection rules and EU data protection legislation creates a specific cross-border compliance challenge. Where a Swiss company receives personal data from EU customers or partners, it must satisfy EU adequacy standards. Switzerland currently benefits from an EU adequacy decision, which simplifies inbound data flows from the EU. However, that decision was issued under conditions that reference the prior Swiss data protection rules. As Switzerland's revised rules settle into regulatory practice, businesses should monitor whether the EU Commission's adequacy assessment remains stable or requires updated transfer mechanisms.

For dispute resolution, Switzerland offers institutional arbitration under the rules of the Swiss Chambers' Arbitration Institution and Swiss-seated ICC arbitration. Technology disputes – particularly those involving software liability, IP ownership of AI-generated outputs. Additionally. Breach of technology licensing obligations – are increasingly routed to Swiss arbitration because of the technical sophistication of Swiss arbitral institutions and the enforceability of Swiss-seated awards under the New York Convention. Clients who structure their technology agreements to include Swiss arbitration clauses gain a dispute resolution mechanism that operates effectively across civil law and common law counterparties.

A strategic consideration frequently overlooked at the contracting stage is the allocation of IP rights in AI-generated outputs. Swiss intellectual property legislation does not specifically address AI authorship. The position under Swiss law is that only human intellectual activity generates copyright. AI-generated output therefore does not attract copyright protection automatically. This means businesses that rely on AI-generated content as a commercial asset must structure contractual ownership carefully. typically by vesting rights in the entity that owns the AI system and the training data. rather than assuming that the output is inherently protected.

For a tailored strategy on AI and technology operations in Switzerland, reach out to info@ferrazwhitmore.com.

Self-assessment checklist for AI and technology businesses in Switzerland

The following checklist helps international clients identify their current compliance position and prioritise next steps. It does not replace a full legal assessment, but it identifies the questions that shape the legal programme.

Corporate structure and registration. Verify whether your Swiss operations are conducted through a registered entity. Confirm that beneficial ownership information is correctly disclosed under Swiss corporate legislation. If you operate as an AG or GmbH CH, confirm that the Handelsregister Schweiz entry is current and accurately reflects your activity.

Data protection compliance. Identify all personal data processed by your AI systems that has a connection to Switzerland. Map each processing operation to a lawful basis. Confirm that automated decision-making processes are disclosed to data subjects and that a human review mechanism exists for decisions with material effects on individuals. Review contracts with Swiss data processors to ensure they reflect current Swiss data protection rules rather than EU-only standards.

AI Act exposure assessment. List each AI system your business deploys or makes available to EU-based users. Classify each system under the EU AI Act's risk hierarchy. For high-risk systems, identify the applicable conformity assessment pathway and the technical documentation required. Set internal project deadlines that give adequate preparation time before each applicable implementation date.

Technology licensing review. Audit existing technology licensing agreements governed by Swiss law. Check that risk allocation, modification rights, and access continuity terms are enforceable under Swiss good faith principles. Identify any terms that may be characterised as unreasonably one-sided under Swiss case law. This review is particularly important for agreements with Swiss public sector customers, where additional procurement and transparency rules may apply.

Software liability exposure. Assess the liability clauses in your technology licensing and service agreements. Confirm that limitation of liability provisions reflect the risk profile of your AI system's outputs. Where your system operates in a regulated sector – financial services, healthcare, critical infrastructure – verify that sector-specific obligations have been identified and addressed in your contracts and compliance programme.

Sector-specific notifications. If your AI system operates in a regulated sector, confirm whether prior regulatory approval or notification is required before deployment. Identify the competent supervisory authority and the applicable notification procedure. Missing a mandatory pre-deployment notification is one of the most common – and most avoidable – compliance failures for technology businesses new to Switzerland.

Dispute resolution structuring. Confirm whether your key technology agreements contain dispute resolution clauses appropriate for the jurisdiction and counterparty. For agreements with Swiss counterparties, consider whether Swiss arbitration is the most appropriate mechanism, particularly for disputes involving technical or IP-intensive subject matter. For guidance on company formation as a precursor to technology operations, our guide to company formation in Switzerland covers the corporate steps in detail.

Frequently asked questions

Does the EU AI Act apply to my Swiss company if I only have Swiss customers?: If your AI systems are deployed exclusively to customers in Switzerland and produce no effects in EU member states, the EU AI Act does not apply directly. However, if any system is placed on the market or put into service within the EU. even through a distribution partner or as part of a service accessed online by EU users. the Act applies to that system regardless of where your company is registered. Engaging a lawyer in Switzerland with cross-border EU experience is the most reliable way to assess your specific exposure.
How long does it take to structure AI compliance for a Swiss technology business?: A baseline compliance review covering data protection, technology licensing. Additionally, EU AI Act mapping typically takes between four and eight weeks. Depending on the complexity of the AI systems involved and the volume of existing contracts to be reviewed. For businesses deploying high-risk systems under the EU AI Act, technical documentation preparation and any required notified body engagement extend the timeline substantially. Early engagement with a law firm in Switzerland before product launch is consistently more efficient than remediation after deployment.
Is AI-generated content protected by copyright in Switzerland?: Under current Swiss intellectual property legislation, copyright protection requires a human creative act. AI-generated output does not attract copyright automatically. Businesses that commercialise AI-generated content must rely on contractual ownership arrangements rather than automatic IP protection. A common misconception is that the company owning the AI system automatically holds copyright in its outputs. Swiss law does not support that assumption, and contracts must address ownership explicitly to create an enforceable position.

About Ferraz & Whitmore

Ferraz & Whitmore is an international law firm based in Lisbon, advising business clients on AI and technology law across 46 jurisdictions including Switzerland, Portugal, and the broader EU market. Our practice combines Swiss civil law expertise with English common law tradition, enabling us to advise technology companies, platform operators. Additionally. Institutional investors on AI governance, software liability, technology licensing, data protection compliance, and cross-border digital services structuring. As an international law firm in Switzerland and Portugal, we work with clients at every stage of technology deployment – from initial corporate structuring through AI Act conformity assessment to dispute resolution. Our AI and technology law team includes practitioners with experience before Swiss arbitral institutions and familiarity with EU regulatory proceedings. The firm's Lisbon base provides direct access to EU regulatory processes, while our Swiss capability supports clients managing dual Swiss-EU compliance programmes. To discuss your AI or technology legal position in Switzerland, contact us at info@ferrazwhitmore.com.

Sophie Laurent Legal Analyst, Tax & Data Protection

Sophie Laurent leads our French and Scandinavian desks. She advises Swiss banks, French private clients and Scandinavian fintech founders on cross-border tax planning, GDPR compliance and banking regulation. Sophie qualified in both France and Switzerland and worked for six years in a tier-one Geneva tax boutique before joining Ferraz & Whitmore. She is fluent in three languages and writes our French-, Swiss- and Scandinavian-jurisdiction guides on tax and data protection.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.